Minecraft Malware Infects 50,000 Accounts

Minecraft, the popular world-building game, has a problem. Almost 50,000 accounts have been infected with malware, which reformats the user’s hard drive and deletes backup data and system programs. The problem could be larger.

Minecraft has over 74 million players worldwide, many of whom use “mods”: third-party tools that further customize the game, for example by altering the player’s on-screen avatar. The recently discovered malware entered the Minecraft system through one of these mods, one designed to modify the player’s in-game appearance (also known as “skinning”).

The problem was first identified by researchers at the Threat Labs of Avast, a security software development company. Its team noticed that after the character skins were downloaded as PNGs to distribute the malware, they were then uploaded to Mojang’s Minecraft website. Mojang has been alerted to the problem and has now fixed the vulnerability.

Avast said that they didn’t believe that the malicious code was necessarily created by hardened cybercriminals, but rather by inexperienced players wanting to exploit others for their own entertainment. Avast said the code is “largely unimpressive”, and in fact can be found on websites that issue step-by-step guides on how to create a virus using Microsoft’s Notepad word processing tool.

However, given Minecraft’s popularity and the fact that 43% of its user base is under 21, its players are an especially vulnerable group for malware creators to target. Because the malicious third-party skins were hosted on the official website, parents and players would likely trust them; however, as Alphr pointed out, it seems likely that Mojang hasn’t been screening each upload for potential viruses.

Avast noted that there are only three infectious skins currently out there; however, they warned any user who may have downloaded a “skinning” app to run a scan on their system immediately and to look for unusual messages in Minecraft’s account inbox, system performance issues due to a “tourstart.exe” loop, or error messages related to disk formatting. Installing robust anti-malware software is also a must.

This is not a new problem for Minecraft. Back in October 2017, security firm Symantec issued an advisory warning of a handful of mods for Minecraft: Pocket Edition that had been hijacking players’ Android smartphones and tablets and commandeering them to power an ad fraud botnet. Symantec believes that between 600,000 and 2.5 million (mainly U.S.-based) players of Minecraft downloaded the malevolent apps.

The main purpose of the mobile malware appears to be to generate illegitimate ad revenue for its owner; however, Symantec warned that its use could expand to darker ends.

“This highly flexible proxy topology could easily be extended to take advantage of a number of network-based vulnerabilities, and could potentially span security boundaries”, said Symantec researcher Martin Zhang. He added, “In addition to enabling arbitrary network attacks, the large footprint of this infection could also be leveraged to mount a distributed denial of service (DDoS) attack.”